ietf-restconf-client

HTML

ietf-restconf-client@2017-10-30

moduleietf-restconf-client {
yang-version1.1;
namespace"urn:ietf:params:xml:ns:yang:ietf-restconf-client";
prefixrcc;
importietf-inet-types {
prefixinet;
reference"RFC 6991: Common YANG Data Types";
}
importietf-tls-client {
prefixts;
revision-date"2017-10-30";
reference"RFC ZZZZ: YANG Groupings for TLS Clients and TLS Servers";
}
organization"IETF NETCONF (Network Configuration) Working Group";
contact"WG Web: <http://tools.ietf.org/wg/restconf/>
WG List: <mailto:restconf@ietf.org>
Author: Kent Watsen
<mailto:kwatsen@juniper.net>
Author: Gary Wu
<mailto:garywu@cisco.com>";
description"This module contains a collection of YANG definitions for
configuring RESTCONF clients.
Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
revision"2017-10-30" {
description"Initial version";
reference"RFC XXXX: RESTCONF Client and Server Models";
}
featureinitiate {
description"The 'initiate' feature indicates that the RESTCONF client
supports initiating RESTCONF connections to RESTCONF servers
using at least one transport (e.g., TLS, etc.).";
}
featuretls-initiate {
if-featureinitiate;
description"The 'tls-initiate' feature indicates that the RESTCONF client
supports initiating TLS connections to RESTCONF servers. This
feature exists as TLS might not be a mandatory-to-implement
transport in the future.";
reference"RFC 8040: RESTCONF Protocol";
}
featurelisten {
description"The 'listen' feature indicates that the RESTCONF client
supports opening a port to accept RESTCONF server call
home connections using at least one transport (e.g.,
TLS, etc.).";
}
featuretls-listen {
if-featurelisten;
description"The 'tls-listen' feature indicates that the RESTCONF client
supports opening a port to listen for incoming RESTCONF
server call-home TLS connections. This feature exists as
TLS might not be a mandatory-to-implement transport in the
future.";
reference"RFC 8071: NETCONF Call Home and RESTCONF Call Home";
}
containerrestconf-client {
description"Top-level container for RESTCONF client configuration.";
usesrestconf-client;
} // container restconf-clientgroupingrestconf-client {
description"Top-level grouping for RESTCONF client configuration.";
containerinitiate {
if-featureinitiate;
description"Configures client initiating underlying TCP connections.";
listrestconf-server {
key "name";
min-elements1;
description"List of RESTCONF servers the RESTCONF client is to initiate
connections to in parallel.";
leafname {
typestring;
description"An arbitrary name for the RESTCONF server.";
}
containerendpoints {
description"Container for the list of endpoints.";
listendpoint {
key "name";
min-elements1;
ordered-byuser;
description"A non-empty user-ordered list of endpoints for this
RESTCONF client to try to connect to in sequence.
Defining more than one enables high-availability.";
leafname {
typestring;
description"An arbitrary name for this endpoint.";
}
choicetransport {
mandatorytrue;
description"Selects between available transports. This is a
'choice' statement so as to support additional
transport options to be augmented in.";
casetls {
if-featuretls-initiate;
containertls {
description"Specifies TLS-specific transport configuration.";
leafaddress {
typeinet:host;
mandatorytrue;
description"The IP address or hostname of the endpoint.
If a domain name is configured, then the DNS
resolution should happen on each usage attempt.
If the the DNS resolution results in multiple
IP addresses, the IP addresses will be tried
according to local preference order until a
connection has been established or until all
IP addresses have failed.";
}
leafport {
typeinet:port-number;
default'443';
description"The IP port for this endpoint. The RESTCONF
client will use the IANA-assigned well-known
port for 'https' (443) if no value is
specified.";
}
usests:tls-client-grouping {
refine
}
} // container tls
} // case tls
} // choice transportcontainerconnection-type {
description"Indicates the kind of connection to use.";
choiceconnection-type {
description"Selects between available connection types.";
containerpersistent {
presence'true';
description"Maintain a persistent connection to the RESTCONF
server. If the connection goes down, immediately
start trying to reconnect to it, using the
reconnection strategy. This connection type
minimizes any RESTCONF server to RESTCONF client
data-transfer delay, albeit at the expense of
holding resources longer.";
leafidle-timeout {
typeuint32;
units"seconds";
default'86400';
description"Specifies the maximum number of seconds that
the underlying TLS session may remain idle.
A TLS session will be dropped if it is idle
for an interval longer than this number of
seconds. If set to zero, then the client
will never drop a session because it is idle.
Sessions that have a notification subscription
active are never dropped.";
}
containerkeep-alives {
description"Configures the keep-alive policy, to
proactively test the aliveness of the TLS
server. An unresponsive TLS server will be
dropped after approximately max-attempts *
max-wait seconds.";
reference"RFC 8071: NETCONF Call Home and RESTCONF Call
Home, Section 3.1, item S6";
leafmax-wait {
typeuint16 {
range"1..max";
}
units"seconds";
default'30';
description"Sets the amount of time in seconds after
which if no data has been received from
the TLS server, a TLS-level message will
be sent to test the aliveness of the TLS
server.";
}
leafmax-attempts {
typeuint8;
default'3';
description"Sets the maximum number of sequential keep-
alive messages that can fail to obtain a
response from the TLS server before assuming
the TLS server is no longer alive.";
}
} // container keep-alives
} // container persistentcontainerperiodic {
presence'true';
description"Periodically connect to the RESTCONF server, so
that, e.g., the RESTCONF client can collect data
(logs) from the RESTCONF server. Once the
connection is closed, for whatever reason, the
RESTCONF client will restart its timer until the
next connection.";
leafidle-timeout {
typeuint16;
units"seconds";
default'300';
description"Specifies the maximum number of seconds that
the underlying TLS session may remain idle. A
TLS session will be dropped if it is idle for
an interval longer than this number of seconds
If set to zero, then the server will never
drop a session because it is idle.";
}
leafreconnect-timeout {
typeuint16 {
range"1..max";
}
units"minutes";
default'60';
description"Sets the maximum amount of unconnected time
the RESTCONF client will wait before re-
establishing a connection to the RESTCONF
server. The RESTCONF client may initiate a
connection before this time if desired (e.g.,
to set configuration).";
}
} // container periodic
} // choice connection-type
} // container connection-typecontainerreconnect-strategy {
description"The reconnection strategy directs how a RESTCONF client
reconnects to a RESTCONF server, after discovering its
connection to the server has dropped, even if due to a
reboot. The RESTCONF client starts with the specified
endpoint and tries to connect to it max-attempts times
before trying the next endpoint in the list (round
robin).";
leafstart-with {
typeenumeration {
enum"first-listed" {
value0;
description"Indicates that reconnections should start with
the first endpoint listed.";
}
enum"last-connected" {
value1;
description"Indicates that reconnections should start with
the endpoint last connected to. If no previous
connection has ever been established, then the
first endpoint configured is used. RESTCONF
clients SHOULD be able to remember the last
endpoint connected to across reboots.";
}
}
default'first-listed';
description"Specifies which of the RESTCONF server's endpoints
the RESTCONF client should start with when trying
to connect to the RESTCONF server.";
}
leafmax-attempts {
typeuint8 {
range"1..max";
}
default'3';
description"Specifies the number times the RESTCONF client tries
to connect to a specific endpoint before moving on
to the next endpoint in the list (round robin).";
}
} // container reconnect-strategy
} // list endpoint
} // container endpoints
} // list restconf-server
} // container initiatecontainerlisten {
if-featurelisten;
description"Configures client accepting call-home TCP connections.";
leafidle-timeout {
typeuint16;
units"seconds";
default'3600';
description"Specifies the maximum number of seconds that an underlying
TLS session may remain idle. A TLS session will be dropped
if it is idle for an interval longer than this number of
seconds. If set to zero, then the server will never drop
a session because it is idle. Sessions that have a
notification subscription active are never dropped.";
}
listendpoint {
key "name";
description"List of endpoints to listen for RESTCONF connections.";
leafname {
typestring;
description"An arbitrary name for the RESTCONF listen endpoint.";
}
choicetransport {
mandatorytrue;
description"Selects between available transports. This is a 'choice'
statement so as to support additional transport options
to be augmented in.";
casetls {
if-featuretls-listen;
containertls {
description"TLS-specific listening configuration for inbound
connections.";
leafaddress {
typeinet:ip-address;
description"The IP address to listen on for incoming call-home
connections. The RESTCONF client will listen on
all configured interfaces if no value is specified.
INADDR_ANY (0.0.0.0) or INADDR6_ANY (0:0:0:0:0:0:0:0
a.k.a. ::) MUST be used when the server is to listen
on all IPv4 or IPv6 addresses, respectively.";
}
leafport {
typeinet:port-number;
default'4336';
description"The port number to listen on for call-home
connections. The RESTCONF client will listen
on the IANA-assigned well-known port for
'restconf-ch-tls' (4336) if no value is
specified.";
}
usests:tls-client-grouping {
refine
}
} // container tls
} // case tls
} // choice transport
} // list endpoint
} // container listen
} // grouping restconf-client
} // module ietf-restconf-client

Description

This module contains a collection of YANG definitions for
configuring RESTCONF clients.
Copyright (c) 2017 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.

Periodically connect to the RESTCONF server, so
that, e.g., the RESTCONF client can collect data
(logs) from the RESTCONF server. Once the
connection is closed, for whatever reason, the
RESTCONF client will restart its timer until the
next connection.

Specifies the maximum number of seconds that
the underlying TLS session may remain idle. A
TLS session will be dropped if it is idle for
an interval longer than this number of seconds
If set to zero, then the server will never
drop a session because it is...

Sets the maximum amount of unconnected time
the RESTCONF client will wait before re-
establishing a connection to the RESTCONF
server. The RESTCONF client may initiate a
connection before this time if desired (e.g.,
to set configuration).

Maintain a persistent connection to the RESTCONF
server. If the connection goes down, immediately
start trying to reconnect to it, using the
reconnection strategy. This connection type
minimizes any RESTCONF server to RESTCONF client
data-transfer delay,...

Specifies the maximum number of seconds that
the underlying TLS session may remain idle.
A TLS session will be dropped if it is idle
for an interval longer than this number of
seconds. If set to zero, then the client
will never drop a session because it ...

The reconnection strategy directs how a RESTCONF client
reconnects to a RESTCONF server, after discovering its
connection to the server has dropped, even if due to a
reboot. The RESTCONF client starts with the specified
endpoint and tries to connect to i...

The IP address or hostname of the endpoint.
If a domain name is configured, then the DNS
resolution should happen on each usage attempt.
If the the DNS resolution results in multiple
IP addresses, the IP addresses will be tried
according to local preferen...

A binary that contains the value of the private key. The
interpretation of the content is defined by the key
algorithm. For example, a DSA key is an integer, an RSA
key is represented as RSAPrivateKey as defined in
[RFC3447], and an Elliptic Curve Crypt...

A binary that contains the value of the public key. The
interpretation of the content is defined by the key
algorithm. For example, a DSA key is an integer, an RSA
key is represented as RSAPublicKey as defined in
[RFC3447], and an Elliptic Curve Cryptog...

A reference to a list of certificate authority (CA)
certificates used by the TLS client to authenticate
TLS server certificates. A server certificate is
authenticated if it has a valid chain of trust to
a configured pinned CA certificate.

A reference to a list of server certificates used by
the TLS client to authenticate TLS server certificates.
A server certificate is authenticated if it is an
exact match to a configured pinned server certificate.

The IP address to listen on for incoming call-home
connections. The RESTCONF client will listen on
all configured interfaces if no value is specified.
INADDR_ANY (0.0.0.0) or INADDR6_ANY (0:0:0:0:0:0:0:0
a.k.a. ::) MUST be used when the server is to list...

A binary that contains the value of the private key. The
interpretation of the content is defined by the key
algorithm. For example, a DSA key is an integer, an RSA
key is represented as RSAPrivateKey as defined in
[RFC3447], and an Elliptic Curve Crypt...

A binary that contains the value of the public key. The
interpretation of the content is defined by the key
algorithm. For example, a DSA key is an integer, an RSA
key is represented as RSAPublicKey as defined in
[RFC3447], and an Elliptic Curve Cryptog...

A reference to a list of certificate authority (CA)
certificates used by the TLS client to authenticate
TLS server certificates. A server certificate is
authenticated if it has a valid chain of trust to
a configured pinned CA certificate.

A reference to a list of server certificates used by
the TLS client to authenticate TLS server certificates.
A server certificate is authenticated if it is an
exact match to a configured pinned server certificate.

Specifies the maximum number of seconds that an underlying
TLS session may remain idle. A TLS session will be dropped
if it is idle for an interval longer than this number of
seconds. If set to zero, then the server will never drop
a session because it i...